Home Networking Tips and Giving Superpowers to the TP-Link Archer C7

Friday, October 7, 2016 @ 6:32 pm

There are many good resources on setting up and tweaking home networks, but I just wanted to put this post together as a compilation of all the best practices I’ve come across over the past ~15 years. I’ll also describe how to move away from proprietary firmware to open-source firmware for the TP-Link Archer C7 wireless router.

General Home Networking Tips:

If possible, plug in your computer/device. A wired connection will always be faster and more stable than a wireless connection (e.g. no interference from walls, other devices, and signals).

Lower channels/frequencies are able to penetrate walls better than higher frequencies (example: when you encounter a car blasting loud music on the streets, you typically only hear the bass).

Comparing the Frequency Bands:

2.4 GHz: better range and compatibility with devices, but more congested and susceptible to interference (e.g. microwaves).

5 GHz: faster data rates and less congestion (ideal for streaming and wherever possible), but shorter range and not supported by older devices.

Choosing a Network Name: modern routers are dual-band (both 2.4 GHz and 5 GHz), which means that you can set up and connect to two different “networks” in your home/office.

Using the same name: your devices will automatically detect which one is better to connect to.

Using different names: you would have to manually configure your devices to have a preferred order of networks (to connect to the 5 GHz network if available, if not then connect to the 2.4 GHz network).

If a microwave is interfering with your connection when it’s in use, try to use channel 1 (source).

For the 5 GHz band: avoid using any channel between 50-144, as they are subject to DFS (dynamic frequency selection) because they use the same frequencies as some radars. Otherwise, unlike with the 2.4 GHz band, you can pick any channel.

If range or heat management is important in your situation, choose a lower channel (36, 40, 44, 48).

Note: choosing a lower channel may limit your maximum transmit power level based on your region, so you may be forced to use a higher channel (149, 153, 157, 161, 165).

When choosing a channel, choose one that is least congested. To help understand what channels nearby networks are using, you can use tools such as Acrylic WiFi Home (for Windows), InSSIDer 3.1.2.1 (the last free version – for Windows), and Wifi Analyzer (a highly rated free Android app).

Channel width: if you have the ability to set the radio channel width on your router, use 20 MHz for the 2.4 GHz band for less interference (here’s why), and 40 MHz for the 5 GHz band for greater device compatibility (here’s why).

Transmission power: if available in your router settings, set your 2.4 GHz radio to be around 6 dB lower than the 5 GHz radio’s transmit power to achieve a roughly equivalent area of coverage (source).

Giving Superpowers to the TP-Link Archer C7

By superpowers I mean moving away from the stock firmware to a custom, open-source firmware: OpenWRT.

More stable: stock TP-Link firmware updates are few and far between – for example, the official Archer C7 v2 firmware (Canadian) hasn’t been updated to address the bug where it can’t detect high-capacity external hard drives.

Improved performance: I noticed there would be a decrease in LAN transfer speeds if I was downloading a large file with the stock Archer C7 firmware. I don’t experience this anymore with OpenWRT.

Lightweight and feature-rich: by default, OpenWRT comes with only the bare essentials to get a basic wired/wifi network up and running. You have the ability to install various packages, such as an SSH server, adblocker, VPN, BitTorrent client, and traffic-shaping/QoS.

Open-source: this means the source code is accessible and open for review/scrutiny. For privacy nerds, this is important because the likelihood of backdoors/snooping/vulnerabilities is much lower with OpenWRT than with stock firmware.

Recently I’ve successfully “upgraded” two Archer C7s to OpenWRT v15.05.1 (“Chaos Calmer”) with the following features:

USB Support: allow detection and recognition of any USB stick/hard drive plugged into the router’s two USB ports.

Network File Sharing: share any USB-connected storage media across the entire network. I have a few Amazon Fire TV boxes that stream media off of a couple of central external hard drives.

Power Efficiency: automatically spin down any connected external disks if they’ve been idle for 10 minutes.

Intelligent Traffic Prioritization: using QoS (Quality of Service) to be able to download a large file while streaming an online video buffering-free, for example.

Ad and Tracker Blocking: any device connected to my network will automatically have ads and tracking services blocked.

DNS Protection: DNS spoofing is prevented courtesy of DNSCrypt.

For one router, I have over 15 devices simultaneously connected (laptops, tablets, phones, TV boxes), and it is able to cope with this without any problems.

In short, this guide will show you step-by-step how to flash and customize OpenWRT to have no loss in features provided by the stock firmware (e.g. USB support and QoS), with the added feature of having adblocking at the router level.

If you own a different router: sections #1 to 3 in this guide would likely still work for you. You would just need to check if OpenWRT supports your router. Proceed from section #4 onwards with caution.

Disclaimer: I’m not responsible for anything that might happen to your router if you follow this guide.

If your serial number is 215C or greater, you must use the trunk release of OpenWRT. The trunk release does not have the driver for 5 GHz functionality and the web interface installed by default. So you may need to run: opkg install kmod-ath10k luci

By default, wifi is disabled in OpenWRT. Let’s go ahead and set up our 2.4 GHz and 5 GHz wifi networks now so that anyone at home/the office isn’t left without Internet for too long!

At the top of the page, hover over “Network” and click on “Wifi”.

You will see two radios that are disabled (2.4 GHz and 5 GHz):

Qualcomm Atheros QCA9880 802.11nac (radio0) = 5 GHz

Generic MAC80211 802.11bgn (radio1) = 2.4 GHz

We will need to configure both radios. Click on the “Edit” button for Qualcomm Atheros QCA9880 802.11nac (radio0), go through the steps below, and then repeat for Generic MAC80211 802.11bgn (radio1).

Device Configuration:

General Setup tab:

For Qualcomm Atheros QCA9880 802.11nac (radio0):

Mode: AC

Channel: choose a channel that isn’t in use by (many) other routers. Read General Home Networking Tips at the top of this page for tools to check nearby wifi networks and what channels they are on. Choose the least congested one.

Width: 40 MHz

Transmit Power: this depends on your needs. If in doubt, leave at the default value.

For Generic MAC80211 802.11bgn (radio1):

Mode: N

Channel: choose 1, 6, or 11. Again check nearby wifi networks and what channels they are on. Choose the least congested one.

Width: 20 MHz

Transmit Power: this depends on your needs. If in doubt, leave at the default value. If comfortable, you can set this to be 6 dBm less than your 5 GHz (radio0) transmit power level.

Advanced Settings tab:

Country Code: set to your country

Interface Configuration:

General Setup tab:

ESSID = enter any name you want to give your wireless network. I recommend that this is the same for both radio0 and radio1.

Wireless Security tab:

Encryption = WPA2-PSK

Cipher = auto

Key = enter any password you want

Click on “Save & Apply”.

Go through both radios again (“Edit”) and verify that the channel and transmit power values are correct. The options and maximum levels vary across countries.

Once everything looks good, you can click on “Enable” for both.
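The LuCI steps above can also be applied from the router’s shell (section 4 covers logging in). The script below is an added example, not part of the original guide: it prints the matching `uci` commands after checking the channel rules from the tips at the top of the page. The SSID, key and country in the sample calls are constructed placeholders, and it assumes the stock OpenWRT 15.05 layout where `@wifi-iface[0]` belongs to radio0 and `@wifi-iface[1]` to radio1.

```shell
#!/bin/sh
# Added example (not from the original guide): print the uci commands that
# mirror the LuCI wifi steps, refusing values the page advises against.
# Assumption: stock 15.05 config, where @wifi-iface[N] belongs to radioN.

# radio_cmds RADIO BAND CHANNEL COUNTRY SSID KEY   (BAND is 5g or 2g)
radio_cmds() {
    radio=$1; band=$2; chan=$3; country=$4; ssid=$5; key=$6
    idx=${radio#radio}
    case $chan in
        ''|*[!0-9]*) echo "channel must be a number" >&2; return 1 ;;
    esac
    case $band in
        5g) # channels 50-144 are subject to DFS
            if [ "$chan" -ge 50 ] && [ "$chan" -le 144 ]; then
                echo "channel $chan is in the DFS range" >&2; return 1
            fi
            htmode=VHT40 ;;   # Mode AC, 40 MHz width
        2g) # only 1, 6 and 11 on 2.4 GHz
            case $chan in
                1|6|11) ;;
                *) echo "use channel 1, 6 or 11" >&2; return 1 ;;
            esac
            htmode=HT20 ;;    # Mode N, 20 MHz width
        *)  echo "band must be 5g or 2g" >&2; return 1 ;;
    esac
    # A WPA2-PSK passphrase is 8 to 63 characters long.
    if [ "${#key}" -lt 8 ] || [ "${#key}" -gt 63 ]; then
        echo "key must be 8-63 characters" >&2; return 1
    fi
    # Single quotes would break the quoting of the printed commands.
    case $ssid$key in
        *\'*) echo "no single quotes in SSID or key" >&2; return 1 ;;
    esac
    cat <<EOF
uci set wireless.$radio.channel='$chan'
uci set wireless.$radio.htmode='$htmode'
uci set wireless.$radio.country='$country'
uci set wireless.$radio.disabled='0'
uci set wireless.@wifi-iface[$idx].ssid='$ssid'
uci set wireless.@wifi-iface[$idx].encryption='psk2'
uci set wireless.@wifi-iface[$idx].key='$key'
EOF
}

# Constructed sample values; review the output, then run it on the router,
# followed by: uci commit wireless && wifi
radio_cmds radio0 5g 36 CA 'HomeNet' 'example-passphrase-1'
radio_cmds radio1 2g 6 CA 'HomeNet' 'example-passphrase-1'
```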

It should now look like the below screenshot:

4. Log into SSH

Now that we’ve set up a password and enabled SSH access, we can go ahead and log in.

Open PuTTY.

For “Host Name (or IP address)”, enter: 192.168.1.1

Click on the “Open” button.

You will see a PuTTY Security Alert message (shown the first time PuTTY connects to a host whose SSH key it has not cached); click on “Yes”.

A black box will appear and will ask you to enter a username and password.

Use root as your username.

Use the password you configured in “3. Configuring OpenWRT”, step #3 above.

5. Install Features

We have logged into SSH to install the necessary packages to recognize USB devices, share them on the network, spin-down disks if they are idle, as well as a Quality-of-Service (QoS) package.

10. (optional) Using a Custom DNS Server

You are able to set your router to use a custom DNS server. You can read about some of the benefits here. My personal preference is OpenNIC: click on the link, select your country, and jot down the IP address (under the “IPv4” column) of any servers which have “Log Anon” in blue.

At the top of the page, hover over “System” and click on “Scheduled Tasks”.

As a new line, enter:

0 12 * * * wget -qO- --no-check-certificate "address from step #3"

Click on Submit.

Repeat the first set of steps in this section to update your DNS servers.
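The scheduled task above passes `--no-check-certificate`, which tells wget to accept any TLS certificate, so the daily request is not protected against interception. As an added example (not part of the original guide), this script lists cron entries that fetch with certificate checking disabled, so they can be revisited once a CA bundle is installed on the router; the crontab contents and example.invalid URLs are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): list active cron jobs that
# fetch a URL with TLS certificate checking switched off.

# audit_cron: crontab text on stdin, "LINE_NO: entry" on stdout for each hit.
audit_cron() {
    awk '
        /^[ \t]*#/ { next }              # commented-out jobs are inactive
        { line = " " $0 " " }            # pad so every word has a neighbour
        # wget: --no-check-certificate accepts any certificate
        line ~ /[^A-Za-z0-9_-]wget[ \t]/ &&
        line ~ /[ \t]--no-check-certificate[ \t]/ {
            print NR ": " $0; next
        }
        # curl: -k (also in a cluster such as -sk) or --insecure
        line ~ /[^A-Za-z0-9_-]curl[ \t]/ &&
        line ~ /[ \t](-[A-Za-z]*k[A-Za-z]*|--insecure)[ \t]/ {
            print NR ": " $0
        }
    '
}

# Constructed sample crontab: the section 10 job with a placeholder URL, the
# adblock job from section 11, and constructed curl/wget jobs for contrast.
sample_crontab() {
    cat <<'EOF'
# router maintenance jobs
0 12 * * * wget -qO- --no-check-certificate "https://example.invalid/update"
0 13 * * * /etc/init.d/adblock start
#30 2 * * * curl -k https://example.invalid/old
15 3 * * * /usr/bin/curl -sk https://example.invalid/ping
45 4 * * * wget -qO- "https://example.invalid/checked"
EOF
}

# Reports lines 2 and 5 of the sample.
sample_crontab | audit_cron
```

On the router, the same check can be fed from `crontab -l | audit_cron`.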

11. (optional) Install Adblock

With OpenWRT, you are also able to implement adblocking capabilities at the router level for your network. This means that any device connected to your network will automatically have ads/tracking services blocked, which is a huge benefit in terms of privacy and speed.

Adblock comes with 3 blocklist sources enabled by default. In the steps below I will show you how to install it, enable more blocklist sources (for 7 in total), optimize adblock settings to reduce wear on your router, include it in router startup, and enable automatic daily updates.

Choose which blocklist sources you want to enable. Personally I have enabled:

adaway (comes enabled by default)

disconnect (comes enabled by default)

hphosts

malwarelist

whocares

winhelp

yoyo (comes enabled by default)

Note: you must keep in mind that available space/memory is limited, so do not enable all of the blocklist sources.

(optional) Tick the “Do not write status info to flash” option. I have done this to conserve flash writes on my router. The only drawback is that the status page in the web interface won’t show the latest information, but that’s not an issue for me.

Click on “Save & Apply”.

At the top of the page, hover over “System” and click on “Scheduled Tasks”.

Paste the following into the text box:

0 13 * * * /etc/init.d/adblock start

The above line will make it so blocklist updates are run every day at 1:00pm. I chose this time instead of early morning hours (e.g. 4am) because there is the possibility some systems are down for maintenance then. Read this page for more information and options.

12. (optional) Install DNSCrypt

DNSCrypt prevents DNS spoofing and is relatively easy to install and set up.